mirrors
/
cpython
mirror of https://github.com/python/cpython.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Patch #1603688: ConfigParser.SafeConfigParser now checks values that 

are set for invalid interpolation sequences that would lead to errors
on reading back those values.
This commit is contained in:
Georg Brandl 2007-03-13 17:43:32 +00:00
parent a36cde4ccc
commit 92a6baed7b
3 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Lib/ConfigParser.py
View File

@ -594,7 +594,8 @@ def _interpolate(self, section, option, rawval, vars):
self._interpolate_some(option, L, rawval, section, vars, 1) self._interpolate_some(option, L, rawval, section, vars, 1)
return ''.join(L) return ''.join(L)
_interpvar_match = re.compile(r"%\(([^)]+)\)s").match _interpvar_re = re.compile(r"%\(([^)]+)\)s")
_badpercent_re = re.compile(r"%[^%]|%$")
def _interpolate_some(self, option, accum, rest, section, map, depth): def _interpolate_some(self, option, accum, rest, section, map, depth):
if depth > MAX_INTERPOLATION_DEPTH: if depth > MAX_INTERPOLATION_DEPTH:
@ -613,7 +614,7 @@ def _interpolate_some(self, option, accum, rest, section, map, depth):
accum.append("%") accum.append("%")
rest = rest[2:] rest = rest[2:]
elif c == "(": elif c == "(":
m = self._interpvar_match(rest) m = self._interpvar_re.match(rest)
if m is None: if m is None:
raise InterpolationSyntaxError(option, section, raise InterpolationSyntaxError(option, section,
"bad interpolation variable reference %r" % rest) "bad interpolation variable reference %r" % rest)
@ -638,4 +639,12 @@ def set(self, section, option, value):
"""Set an option. Extend ConfigParser.set: check for string values.""" """Set an option. Extend ConfigParser.set: check for string values."""
if not isinstance(value, basestring): if not isinstance(value, basestring):
raise TypeError("option values must be strings") raise TypeError("option values must be strings")
# check for bad percent signs:
# first, replace all "good" interpolations
tmp_value = self._interpvar_re.sub('', value)
# then, check if there's a lone percent sign left
m = self._badpercent_re.search(tmp_value)
if m:
raise ValueError("invalid interpolation syntax in %r at "
"position %d" % (value, m.start()))
ConfigParser.set(self, section, option, value) ConfigParser.set(self, section, option, value)

12
Lib/test/test_cfgparser.py
View File

@ -422,6 +422,18 @@ def test_safe_interpolation(self):
self.assertEqual(cf.get("section", "ok"), "xxx/%s") self.assertEqual(cf.get("section", "ok"), "xxx/%s")
self.assertEqual(cf.get("section", "not_ok"), "xxx/xxx/%s") self.assertEqual(cf.get("section", "not_ok"), "xxx/xxx/%s")
def test_set_malformatted_interpolation(self):
cf = self.fromstring("[sect]\n"
"option1=foo\n")
self.assertEqual(cf.get('sect', "option1"), "foo")
self.assertRaises(ValueError, cf.set, "sect", "option1", "%foo")
self.assertRaises(ValueError, cf.set, "sect", "option1", "foo%")
self.assertRaises(ValueError, cf.set, "sect", "option1", "f%oo")
self.assertEqual(cf.get('sect', "option1"), "foo")
def test_set_nonstring_types(self): def test_set_nonstring_types(self):
cf = self.fromstring("[sect]\n" cf = self.fromstring("[sect]\n"
"option1=foo\n") "option1=foo\n")

4
Misc/NEWS
View File

@ -168,6 +168,10 @@ Core and builtins
Library Library
------- -------
- Patch #1603688: ConfigParser.SafeConfigParser now checks values that
are set for invalid interpolation sequences that would lead to errors
on reading back those values.
- Added support for the POSIX.1-2001 (pax) format to tarfile.py. Extended - Added support for the POSIX.1-2001 (pax) format to tarfile.py. Extended
and cleaned up the test suite. Added a new testtar.tar. and cleaned up the test suite. Added a new testtar.tar.